
SSL HandShake - Client Authentication

How does a browser know which certificate to send to the server during the client authentication step in the SSL handshake when it holds so many certificates? I mean, how does it identify which certificate is for which server?

It doesn't. Client certificates aren't specific to a server.

The server can optionally send a list of required certificate agencies to the client. Then the client can pick the certificate signed by the required CA.

Now for CyberMonk's question

If you see my response above, you can see how the server is requesting the client to send a certificate issued by one of its trusted authorities. The client can pick a certificate based on this.

If there is a conflict, browsers usually present you with the list of certificates and ask you to pick one of them to use. I know that Safari and Chrome do this for sure.

Most likely, once you choose a certificate, the browser continues to use the same for the rest of the session.

Now, for you to make Tomcat request the same: if this is a self-signed certificate, you can place the public certificate in Tomcat's truststore. If this is not a self-signed certificate, you have to place the public root CA certificate in Tomcat's truststore.

A browser may contain several public certificates, but it won't send a certificate to a server unless it has the private key to sign with. You (or your browser) would have the private key only if you went through the process of certificate creation. Once you have a private key and import the private key/public certificate pair into the browser, it will be able to send the certificate.
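To make the mechanism in the answer above concrete, here is an added example in Go (not code from the question or the answers) that runs both ends of a mutual-TLS handshake in one process. The server plays the role of Tomcat with a truststore: it requires a client certificate and trusts only one CA, so its CertificateRequest lists just that CA. The client plays the browser: it holds two certificates with private keys issued by different CAs, reads the CA names the server advertised, and hands back the one whose issuer is on that list. All CA and certificate names (Demo Server CA, Corp Client CA, Unrelated CA, alice@corp, alice@other) are made up for the demo, and the keys and certificates are generated on the fly.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert makes a throwaway cert for cn: a self-signed CA if parent is the zero value, else a leaf signed by parent.
func newCert(cn string, parent tls.Certificate, usage x509.ExtKeyUsage) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
	}
	issuer, signer := parent.Leaf, parent.PrivateKey
	if issuer == nil { // no parent: sign with our own key and mark as a CA
		issuer, signer = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// demoClientCertSelection runs a mutual-TLS handshake in-process and reports what each side saw and chose.
func demoClientCertSelection() (advertised []string, chosen, serverSaw string) {
	serverCA := newCert("Demo Server CA", tls.Certificate{}, 0) // zero-value parent: self-signed CA
	corpCA := newCert("Corp Client CA", tls.Certificate{}, 0)
	wallet := []tls.Certificate{ // the client's keystore: two certs with private keys, from different CAs
		newCert("alice@other", newCert("Unrelated CA", tls.Certificate{}, 0), x509.ExtKeyUsageClientAuth),
		newCert("alice@corp", corpCA, x509.ExtKeyUsageClientAuth),
	}
	srvTrust := x509.NewCertPool() // the server's truststore: only Corp Client CA is accepted
	srvTrust.AddCert(corpCA.Leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{newCert("demo-server", serverCA, x509.ExtKeyUsageServerAuth)},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: srvTrust, // CertificateRequest lists these CAs
	})
	must(err)
	defer ln.Close()
	seen := make(chan string, 1)
	go func() { // server side: accept one connection and record the verified client identity
		c, err := ln.Accept()
		must(err)
		defer c.Close()
		tc := c.(*tls.Conn)
		must(tc.Handshake())
		seen <- tc.ConnectionState().PeerCertificates[0].Subject.CommonName
	}()
	cliRoots := x509.NewCertPool() // client side: trust the server's CA and answer the CertificateRequest
	cliRoots.AddCert(serverCA.Leaf)
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs: cliRoots,
		GetClientCertificate: func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			for _, raw := range cri.AcceptableCAs { // DER distinguished names sent by the server
				var dn pkix.RDNSequence
				if _, err := asn1.Unmarshal(raw, &dn); err == nil {
					advertised = append(advertised, dn.String())
				}
			}
			for i := range wallet { // pick the first cert whose issuer the server listed
				if cri.SupportsCertificate(&wallet[i]) == nil {
					chosen = wallet[i].Leaf.Subject.CommonName
					return &wallet[i], nil
				}
			}
			return nil, fmt.Errorf("no client certificate from an acceptable CA")
		},
	})
	must(err)
	defer conn.Close()
	return advertised, chosen, <-seen
}

func main() {
	fmt.Println(demoClientCertSelection()) // e.g. [CN=Corp Client CA] alice@corp alice@corp
}
```

The issuer matching the answer describes is what `cri.SupportsCertificate` does: it compares each candidate's issuer against the distinguished names in the server's CertificateRequest. A browser's certificate picker corresponds to the case where more than one keystore entry passes that check; when none does, this client returns an error and the handshake fails, because the server is configured to require a verified client certificate.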
